Class OAuth2AuthenticationEntryPoint

java.lang.Object
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.web.AuthenticationEntryPoint

public class OAuth2AuthenticationEntryPoint extends org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Provides behavior consistent with the OpenID Connect authentication request specification (http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), specifically its handling of the prompt=none parameter. This implementation detects the prompt request parameter and, if its value is none, returns an error response consistent with OIDC rather than redirecting to the login page. This allows for silent authentication flows that are suitable for SPA use cases.
Author:
Jeff Fischer
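
A sketch of the prompt=none handling described above, as an added example that is not Broadleaf's implementation or code from this page. The class name SilentAuthEntryPointSketch is hypothetical, and the sketch assumes an authorization code flow (error returned in the query string) and the login_required error code defined in OIDC Core section 3.1.2.6.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

// Hypothetical sketch (assumed names); not the Broadleaf class documented on this page.
public class SilentAuthEntryPointSketch extends LoginUrlAuthenticationEntryPoint {
    private final ClientDetailsService clients;
    private final RedirectResolver redirectResolver;
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    public SilentAuthEntryPointSketch(String loginFormUrl, ClientDetailsService clients, RedirectResolver redirectResolver) {
        super(loginFormUrl);
        this.clients = clients;
        this.redirectResolver = redirectResolver;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        if (!"none".equals(request.getParameter("prompt"))) {
            super.commence(request, response, authException); // interactive flow: go to login page
            return;
        }
        // Validate redirect_uri against the client's registration before redirecting to it.
        // resolveRedirect throws OAuth2Exception on a mismatch, so no unregistered URI is used.
        ClientDetails client = clients.loadClientByClientId(request.getParameter("client_id"));
        String redirectUri = redirectResolver.resolveRedirect(request.getParameter("redirect_uri"), client);
        UriComponentsBuilder target = UriComponentsBuilder.fromUriString(redirectUri)
                .queryParam("error", "login_required"); // silent auth failed: user must log in
        String state = request.getParameter("state");
        if (state != null) { // echo state (encoded) so the SPA can correlate the response
            target.queryParam("state", UriUtils.encodeQueryParam(state, StandardCharsets.UTF_8));
        }
        redirectStrategy.sendRedirect(request, response, target.build(true).toUriString());
    }
}
```

Unknown clients and unregistered redirect URIs surface as runtime exceptions here rather than as redirects, so the error response is only ever sent to a URI the client has registered.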
  • Constructor Summary

    Constructors
    Constructor
    Description
    OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, boolean useRedirectUriHost)
    The useRedirectUriHost flag has been deprecated as the ForwardedHeaderFilter should be used in all circumstances to correctly determine the redirect URI.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)
     
    protected String
    determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
     
    org.springframework.security.oauth2.provider.ClientDetailsService
    getClientDetailsService()
     
    org.springframework.security.oauth2.provider.endpoint.RedirectResolver
    getRedirectResolver()
     
    org.springframework.security.web.RedirectStrategy
    getRedirectStrategy()
     
    boolean
    isUseRedirectUriHost()
     
    void
    setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)
     
    void
    setRedirectResolver(org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)
     
    void
    setRedirectStrategy(org.springframework.security.web.RedirectStrategy redirectStrategy)
     
    void
    setUseRedirectUriHost(boolean useRedirectUriHost)
     

    Methods inherited from class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

    afterPropertiesSet, buildHttpsRedirectUrlForRequest, buildRedirectUrlToLoginPage, getLoginFormUrl, getPortMapper, getPortResolver, isForceHttps, isUseForward, setForceHttps, setPortMapper, setPortResolver, setUseForward

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • OAuth2AuthenticationEntryPoint

      public OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, @Deprecated boolean useRedirectUriHost)
      The useRedirectUriHost flag has been deprecated as the ForwardedHeaderFilter should be used in all circumstances to correctly determine the redirect URI. When it is used, the requests will automatically be redirected to the forwarded host/path.
  • Method Details

    • commence

      public void commence(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, javax.servlet.ServletException
      Specified by:
      commence in interface org.springframework.security.web.AuthenticationEntryPoint
      Overrides:
      commence in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
      Throws:
      IOException
      javax.servlet.ServletException
    • determineUrlToUseForThisRequest

      protected String determineUrlToUseForThisRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
      Overrides:
      determineUrlToUseForThisRequest in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
    • getRedirectResolver

      public org.springframework.security.oauth2.provider.endpoint.RedirectResolver getRedirectResolver()
    • getClientDetailsService

      public org.springframework.security.oauth2.provider.ClientDetailsService getClientDetailsService()
    • getRedirectStrategy

      public org.springframework.security.web.RedirectStrategy getRedirectStrategy()
    • isUseRedirectUriHost

      public boolean isUseRedirectUriHost()
    • setRedirectResolver

      public void setRedirectResolver(org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)
    • setClientDetailsService

      public void setClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)
    • setRedirectStrategy

      public void setRedirectStrategy(org.springframework.security.web.RedirectStrategy redirectStrategy)
    • setUseRedirectUriHost

      public void setUseRedirectUriHost(boolean useRedirectUriHost)